Azure VNet – Point to Site VPN


In this article, I’ll walk through how to enable a Point-to-Site VPN connection from your local machine to an Azure VNet.

Enable Point-to-Site VPN connection (P2S VPN Connection)

Go to the Azure Portal > select Networks from the left menu > select your existing Virtual Network (in this tutorial I use the nguyens-cloud-vnet network) > open the Configure tab. If you don’t have a VNet yet, you can follow Azure VNet – Step-by-Step to create your own Virtual Network.

Select Configure point-to-site connectivity in the point-to-site connectivity area. You need to define the address space that will be allocated to your local machine when it connects to the VNet.


Save the pending change and go back to the Dashboard tab to see the status.


Create root and client certificates

A P2S VPN connection requires a certificate. You can use an existing one or create your own certificate by using the Visual Studio 20xx command prompt.


The following script helps to create the root and client certificates that will be installed on all machines that access the P2S connection.

Import root certificate to Azure VNet

Open an MMC (Microsoft Management Console) > click File and select Add/Remove Snap-in… > click Certificates.


Click Add > keep My user account selected > click Finish.


Expand Certificates – Current User > Expand the Personal folder > Select Certificates folder > Right-click on the root certificate you created > Select All Tasks > Select Export…


Select No, do not export the private key option.


Then keep the default DER encoded binary (.CER) selected, click Next, and save it to your selected folder.

Select your VNet and go to the Certificates tab > click the Upload button > browse to the folder where you exported the root certificate above > upload the certificate to Azure VNet.


Install client certificate to your machines

The export is similar to the root certificate, but you need to choose the Yes, export the private key option.


Make sure Personal Information Exchange is selected and that Include all certificates in the certification path if possible is selected > Specify the password for your certificate > Specify the directory to export.


Copy the certificate to the respective machines. Right-click the client certificate and select Install PFX to install it.
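The certificate steps above (create a root and a client certificate, export the root without its private key, export the client with its private key) can also be scripted in PowerShell. This is an added example, not the script from the original article; it assumes Windows 10 / Server 2016 or later, and the subject names, output folder and file names are hypothetical.

```powershell
# Added example. Names, paths and file names are assumptions, not values from the article.
$store  = 'Cert:\CurrentUser\My'                      # the "Personal" store shown in the MMC steps
$outDir = Join-Path $env:USERPROFILE 'p2s-certs'      # hypothetical output folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# 1. Self-signed root certificate, usable only for signing other certificates.
#    Its private key stays in this user's store and is never written to disk below.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=P2SRootCert' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -KeyUsageProperty Sign -KeyUsage CertSign `
    -CertStoreLocation $store

# 2. Client certificate signed by the root and limited to client authentication
#    (enhanced key usage OID 1.3.6.1.5.5.7.3.2).
$client = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=P2SClientCert' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -Signer $root `
    -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2') `
    -CertStoreLocation $store

# 3. Root: public part only, DER-encoded .cer. This is the file uploaded to the VNet.
$rootCer = Join-Path $outDir 'P2SRootCert.cer'
Export-Certificate -Cert $root -FilePath $rootCer -Type CERT | Out-Null

# 4. Client: PFX with private key and certification path, protected by a password
#    that is prompted for rather than stored in the script.
$pfxPassword = Read-Host -Prompt 'Password for the client PFX' -AsSecureString
$clientPfx   = Join-Path $outDir 'P2SClientCert.pfx'
Export-PfxCertificate -Cert $client -FilePath $clientPfx `
    -Password $pfxPassword -ChainOption BuildChain | Out-Null

# 5. Checks before anything leaves this machine: the uploaded file must not carry
#    a private key, and the client certificate must chain to the root just created.
$uploaded = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $rootCer
if ($uploaded.HasPrivateKey)        { throw 'Root export contains a private key; do not upload it.' }
if ($client.Issuer -ne $root.Subject) { throw 'Client certificate was not issued by the root.' }

Write-Output "Upload to Azure : $rootCer"
Write-Output "Copy to clients : $clientPfx"
Write-Output "Root thumbprint : $($root.Thumbprint)"
```

Only the .pfx goes to client machines; the root's private key should stay on the machine that issues client certificates.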

Connect to VNet with P2S Connection

The connection is now available.


Azure provides the Client VPN Package, which helps create the P2S VPN connection on your machines.


After installing the Client VPN Package, you can find and connect to the VPN from the Networks list.


Click Connect to establish the connection to your VNet.


And here’s our result


Son Nguyen


Son Nguyen is a Cloud Consultant working for FPT Software’s Cloud Innovation team. With deep knowledge in AWS and MS Azure, Son acts as a cloud consultant in various areas, ranging from assessment to architecture design, supporting customers from Japan, EU to US.
